Trying to Understand How Roles & Dynamic Security Work RRS feed

  • Question

  • I am completely new to setting up security and tried to follow along with some articles I've read on the 'net...but don't quite understand what I'm doing.  Pics are below, but basically I have created a cube called "Active Directory".  Inside of Active Directory are dimensions for User ID and Locations.  My fact table just lists the connection of User ID & their associated School ID.  

    I have a pretty decent amount of cubes and SSRS reports that feed off them.  Almost every report and cube use the Location dimension.  I was hoping to put security on the Location Dimension so that it would filter into all the cubes.

    What I've tried to do (and am falling short) is create a role and in the Dimension Data tab, select the Location Dimension, the Location attribute, switch over to the Advanced tab, and put in the following code under Allowed member set:

    NonEmpty (
    StrToMember("[Active Directory].[User ID].[" + CustomData() + "]"),
      [Measures].[Fact Active Directory Count]

    When I click on the "Check" button, I get the following error:  An error occurred in the MDX script for the dimension attribute permission's allowed member set.  The member '[Fact Active Directory Count]' was not found in the cube when the string, [Measures].[Fact Active Directory Count], was parsed.

    I'm not completely shocked at getting this error message since the security seems to be working against a dimension and not a specific cube.

    I'm hoping my screen shots below will help to explain -- I'd love to actually learn what I'm doing wrong so I can start to build better security models in the future.

    Wednesday, September 11, 2013 8:46 PM


  • I've found the issue -- as I pointed out in my screen shot above, I was trying to set the security on the Database-Level Location Dimension, and not on the Cube-Level Location Dimension.  I switched to use the Location Dimension in my Active Directory cube, and everything clicked right in!!
    • Marked as answer by Elvis Long Wednesday, September 18, 2013 9:30 AM
    Thursday, September 12, 2013 3:51 PM